panos_security_policy: first apply deploys rules but second apply deletes rules from Panorama 10.2.8 #443

Open
Pr1meSuspec7 opened this issue Jul 31, 2024 · 1 comment
@Pr1meSuspec7

Describe the bug

The first time you run "terraform apply" the rules are deployed.
If you run it again without any changes to the script, Terraform deletes the rules.

Expected behavior

On the second run Terraform should return "Nothing to change" because the rule is in the tfstate file.

Current behavior

On the second run Terraform returns "X to change", but it deletes the rules.

Steps to reproduce

# rules.tf
# Security rulebase for the "pan-lab" device group on Panorama.
resource "panos_security_policy" "google_dns" {
  device_group = "pan-lab"

  rule {
    name              = "google_dns"
    audit_comment     = ""
    source_zones      = ["CC-VLAN", "SEC-84"]
    source_addresses  = ["any"]
    source_users      = ["any"]
    destination_zones = ["untrust"]
    # Literal name of the address group defined in objects.tf. A string here
    # gives Terraform no dependency edge to panos_panorama_address_group.google_dns.
    destination_addresses = ["google_dns"]
    applications          = ["dns"]
    services              = ["application-default"]
    categories            = ["any"]
    action                = "allow"
  }

  lifecycle {
    create_before_destroy = true
  }
}


# objects.tf
# Address objects and the static group the rule above refers to by name.
resource "panos_address_object" "google_dns_1" {
  name         = "google_dns_1"
  value        = "8.8.8.8"
  description  = ""
  type         = "ip-netmask"
  device_group = "pan-lab"

  lifecycle {
    create_before_destroy = true
  }
}

resource "panos_address_object" "google_dns_2" {
  name         = "google_dns_2"
  value        = "4.4.4.4"
  description  = ""
  type         = "ip-netmask"
  device_group = "pan-lab"

  lifecycle {
    create_before_destroy = true
  }
}

resource "panos_panorama_address_group" "google_dns" {
  name         = "google_dns"
  description  = ""
  device_group = "pan-lab"
  # References to the address objects create the dependency edge, so the
  # objects are created before the group.
  static_addresses = [
    panos_address_object.google_dns_1.name,
    panos_address_object.google_dns_2.name,
  ]

  lifecycle {
    create_before_destroy = true
  }
}

  1. Run terraform apply to deploy the rules for the first time.
  2. Run terraform apply again without touching any files.
  3. TF returns "Plan: 0 to add, 1 to change, 0 to destroy."

Your Environment

  • Version used: TF provider PaloAltoNetworks/panos 1.11.1
  • Host running terraform: Ubuntu 22.04.4 LTS on Windows 10 x86_64 (WSL)
  • Panorama 10.2.8
  • Firewall PA-820 panos 10.2.8
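A pre-apply gate for the failure mode this report describes: a plan that says only "1 to change" but whose in-place update of the security policy would remove rules. The script below is an added example, not code from the issue or from the PaloAltoNetworks/panos provider. It reads the JSON that `terraform show -json plan.tfplan` produces and, for every `panos_security_policy` resource, compares the rule names in `change.before` with those in `change.after`. It assumes (not confirmed by the issue) that the provider exposes the rules as a list attribute named `rule` whose entries carry a `name` key; the embedded sample plan is constructed to match the second-run scenario and is not real Panorama or Terraform output.

```python
"""Flag Terraform plans whose in-place "update" of a panos security policy
would silently drop rules.

Assumptions (not taken from the issue): the provider exposes the rules as a
list attribute named "rule" whose entries carry a "name" key, and the plan
JSON follows Terraform's format_version 1.x layout
(resource_changes[].change.{actions,before,after}).
"""
import json
import sys

POLICY_TYPE = "panos_security_policy"


def rule_names(state):
    """Ordered rule names from one side (before/after) of a change.
    `state` is None when the resource does not exist on that side."""
    if not state:
        return []
    return [r.get("name") for r in state.get("rule") or []]


def dropped_rules(plan):
    """Map resource address -> rule names the planned change would remove.

    Only policy resources are inspected. A plain no-op is skipped; updates,
    replacements and deletes are all compared, because a rule that exists in
    `before` and not in `after` is lost regardless of the verb Terraform uses.
    """
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != POLICY_TYPE:
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["no-op"]:
            continue
        before = rule_names(change.get("before"))
        after = rule_names(change.get("after"))
        missing = [n for n in before if n not in after]
        if missing:
            findings[rc["address"]] = missing
    return findings


def check_plan(plan_json):
    """Return (ok, findings); ok is False when any policy would lose a rule."""
    findings = dropped_rules(json.loads(plan_json))
    return (not findings), findings


# Constructed sample (not real Terraform output): the second, no-change run
# from the issue, rendered as a plan in which the only "update" empties the
# rulebase. The address object is included as a no-op to show it is ignored.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {
            "address": "panos_security_policy.google_dns",
            "type": "panos_security_policy",
            "name": "google_dns",
            "change": {
                "actions": ["update"],
                "before": {"device_group": "pan-lab",
                           "rule": [{"name": "google_dns", "action": "allow"}]},
                "after": {"device_group": "pan-lab", "rule": []},
            },
        },
        {
            "address": "panos_address_object.google_dns_1",
            "type": "panos_address_object",
            "name": "google_dns_1",
            "change": {
                "actions": ["no-op"],
                "before": {"name": "google_dns_1", "value": "8.8.8.8"},
                "after": {"name": "google_dns_1", "value": "8.8.8.8"},
            },
        },
    ],
})


if __name__ == "__main__":
    # `python gate.py -` reads a real plan from stdin; no argument uses the sample.
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_PLAN
    ok, findings = check_plan(raw)
    for address, names in findings.items():
        print(f"{address}: update would drop rule(s): {', '.join(names)}")
    print("plan is safe to apply" if ok else "plan drops rules; do not apply")
    sys.exit(0 if ok else 1)
```

To use it against a real run: `terraform plan -out=plan.tfplan && terraform show -json plan.tfplan | python gate.py -`. A non-zero exit stops the apply in a pipeline, which is the point: the "1 to change" summary in the report gives no hint that the change is a removal, and only the before/after diff in the plan JSON does.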
@Pr1meSuspec7 (Author)

Hi team, any update?

Thanks a lot
Marco
